Non admin user can't run Script macro

Hello All,

I’m trying to get the Python macro working but I’m having a few problems. The Python macro seems to be missing from my XWiki instance so tried to use {{script language="python"}} instead. While this works for admin users the Script macro can’t be run by non admin users due to permission problems.

Any help would be appreciated.

Note I’m running XWiki 9.5.1 and have removed programming permissions for users.

Error Output:

Failed to execute the [script] macro. Cause: [The execution of the [script] script macro is not allowed. Check the rights of its last author or the parameters if it's rendered from another script.]. Click on this message for details.

org.xwiki.rendering.macro.MacroExecutionException: The execution of the [script] script macro is not allowed. Check the rights of its last author or the parameters if it's rendered from another script.
	at org.xwiki.rendering.macro.script.AbstractScriptMacro.execute(AbstractScriptMacro.java:178)
	at org.xwiki.rendering.macro.script.AbstractScriptMacro.execute(AbstractScriptMacro.java:58)
	at org.xwiki.rendering.internal.transformation.macro.MacroTransformation.transform(MacroTransformation.java:272)
	at org.xwiki.rendering.internal.transformation.DefaultRenderingContext.transformInContext(DefaultRenderingContext.java:183)
	at org.xwiki.rendering.internal.transformation.DefaultTransformationManager.performTransformations(DefaultTransformationManager.java:95)
	at org.xwiki.display.internal.DocumentContentDisplayer.display(DocumentContentDisplayer.java:263)
	at org.xwiki.display.internal.DocumentContentDisplayer.display(DocumentContentDisplayer.java:133)
	at org.xwiki.display.internal.DocumentContentDisplayer.display(DocumentContentDisplayer.java:58)
	at org.xwiki.display.internal.DefaultDocumentDisplayer.display(DefaultDocumentDisplayer.java:96)
	at org.xwiki.display.internal.DefaultDocumentDisplayer.display(DefaultDocumentDisplayer.java:39)
	at org.xwiki.sheet.internal.SheetDocumentDisplayer.display(SheetDocumentDisplayer.java:123)
	at org.xwiki.sheet.internal.SheetDocumentDisplayer.display(SheetDocumentDisplayer.java:52)
	at org.xwiki.display.internal.ConfiguredDocumentDisplayer.display(ConfiguredDocumentDisplayer.java:68)
	at org.xwiki.display.internal.ConfiguredDocumentDisplayer.display(ConfiguredDocumentDisplayer.java:42)
	at com.xpn.xwiki.doc.XWikiDocument.display(XWikiDocument.java:1164)
	at com.xpn.xwiki.doc.XWikiDocument.getRenderedContent(XWikiDocument.java:1205)
	at com.xpn.xwiki.doc.XWikiDocument.getRenderedContent(XWikiDocument.java:1182)
	at com.xpn.xwiki.doc.XWikiDocument.getRenderedContent(XWikiDocument.java:1213)
	at com.xpn.xwiki.api.Document.getRenderedContent(Document.java:704)
	at sun.reflect.GeneratedMethodAccessor622.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Unknown Source)
	at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.doInvoke(UberspectImpl.java:395)
	at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:384)
	at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:173)
	at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:280)
	at org.apache.velocity.runtime.parser.node.ASTReference.value(ASTReference.java:567)
	at org.apache.velocity.runtime.parser.node.ASTExpression.value(ASTExpression.java:71)
	at org.apache.velocity.runtime.parser.node.ASTSetDirective.render(ASTSetDirective.java:142)
	at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:72)
	at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:342)
	at org.apache.velocity.runtime.parser.node.ASTIfStatement.render(ASTIfStatement.java:106)
	at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:72)
	at org.xwiki.velocity.introspection.TryCatchDirective.render(TryCatchDirective.java:87)
	at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:207)
	at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:342)
	at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluateInternal(DefaultVelocityEngine.java:259)
	at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluate(DefaultVelocityEngine.java:222)
	at com.xpn.xwiki.render.DefaultVelocityManager.evaluate(DefaultVelocityManager.java:361)
	at com.xpn.xwiki.internal.template.InternalTemplateManager.evaluateContent(InternalTemplateManager.java:792)
	at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:671)
	at com.xpn.xwiki.internal.template.InternalTemplateManager.lambda$renderFromSkin$0(InternalTemplateManager.java:646)
	at com.xpn.xwiki.internal.security.authorization.DefaultAuthorExecutor.call(DefaultAuthorExecutor.java:85)
	at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:645)
	at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:624)
	at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:610)
	at com.xpn.xwiki.internal.template.DefaultTemplateManager.render(DefaultTemplateManager.java:77)
	at com.xpn.xwiki.XWiki.evaluateTemplate(XWiki.java:2131)
	at com.xpn.xwiki.XWiki.parseTemplate(XWiki.java:2109)
	at com.xpn.xwiki.api.XWiki.parseTemplate(XWiki.java:952)
	at sun.reflect.GeneratedMethodAccessor299.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Unknown Source)
	at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.doInvoke(UberspectImpl.java:395)
	at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:384)
	at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:173)
	at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:280)
	at org.apache.velocity.runtime.parser.node.ASTReference.render(ASTReference.java:369)
	at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:72)
	at org.apache.velocity.runtime.directive.VelocimacroProxy.render(VelocimacroProxy.java:216)
	at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:311)
	at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:230)
	at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:207)
	at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:342)
	at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluateInternal(DefaultVelocityEngine.java:259)
	at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluate(DefaultVelocityEngine.java:222)
	at com.xpn.xwiki.render.DefaultVelocityManager.evaluate(DefaultVelocityManager.java:361)
	at com.xpn.xwiki.internal.template.InternalTemplateManager.evaluateContent(InternalTemplateManager.java:792)
	at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:671)
	at com.xpn.xwiki.internal.template.InternalTemplateManager.lambda$renderFromSkin$0(InternalTemplateManager.java:646)
	at com.xpn.xwiki.internal.security.authorization.DefaultAuthorExecutor.call(DefaultAuthorExecutor.java:85)
	at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:645)
	at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:624)
	at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:610)
	at com.xpn.xwiki.internal.template.DefaultTemplateManager.render(DefaultTemplateManager.java:77)
	at com.xpn.xwiki.XWiki.evaluateTemplate(XWiki.java:2131)
	at com.xpn.xwiki.XWiki.parseTemplate(XWiki.java:2109)
	at com.xpn.xwiki.api.XWiki.parseTemplate(XWiki.java:952)
	at sun.reflect.GeneratedMethodAccessor299.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Unknown Source)
	at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.doInvoke(UberspectImpl.java:395)
	at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:384)
	at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:173)
	at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:280)
	at org.apache.velocity.runtime.parser.node.ASTReference.render(ASTReference.java:369)
	at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:72)
	at org.apache.velocity.runtime.directive.VelocimacroProxy.render(VelocimacroProxy.java:216)
	at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:311)
	at org.apache.velocity.runtime.directive.RuntimeMacro.render(RuntimeMacro.java:230)
	at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:207)
	at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:72)
	at org.apache.velocity.runtime.parser.node.ASTIfStatement.render(ASTIfStatement.java:87)
	at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:72)
	at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:342)
	at org.apache.velocity.runtime.parser.node.ASTIfStatement.render(ASTIfStatement.java:106)
	at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:342)
	at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluateInternal(DefaultVelocityEngine.java:259)
	at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluate(DefaultVelocityEngine.java:222)
	at com.xpn.xwiki.render.DefaultVelocityManager.evaluate(DefaultVelocityManager.java:361)
	at com.xpn.xwiki.internal.template.InternalTemplateManager.evaluateContent(InternalTemplateManager.java:792)
	at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:671)
	at com.xpn.xwiki.internal.template.InternalTemplateManager.lambda$renderFromSkin$0(InternalTemplateManager.java:646)
	at com.xpn.xwiki.internal.security.authorization.DefaultAuthorExecutor.call(DefaultAuthorExecutor.java:85)
	at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:645)
	at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:624)
	at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:610)
	at com.xpn.xwiki.internal.template.DefaultTemplateManager.render(DefaultTemplateManager.java:77)
	at com.xpn.xwiki.XWiki.evaluateTemplate(XWiki.java:2131)
	at com.xpn.xwiki.web.Utils.parseTemplate(Utils.java:180)
	at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:463)
	at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:210)
	at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:425)
	at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:228)
	at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
	at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:449)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:622)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:112)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at org.xwiki.wysiwyg.server.filter.ConversionFilter.doFilter(ConversionFilter.java:127)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:208)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:111)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:134)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
	at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:677)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:784)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:802)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1452)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Unknown Source)

Yes that macro shortcut was forgotten in the big refactoring from “XWiki Enteprise” to “XWiki” and put back by default in 9.6. There is no difference technically between that shortcut and what you used.

Now your problem.

To be really sure, is this your situation:

  • you have an admin which put a python script in a page
  • the admin can view the result of the page
  • non admin cannot view the result of the same page

?

Exactly.

Or if a normal user creates a python script in a page and saves it he will get the same result as above.

Ben

Well that one is expected. You cannot expect a user which does not have programming right to be allowed to use Python.

I see. I thought programming rights were only for accessing protected API calls.

I take it this means a normal user can only script in velocity? Could you point me to where this is documented please, I did some searching before posting this topic and couldn’t find anything explicitly stating this.

Thanks,
Ben

Here for example: http://www.xwiki.org/xwiki/bin/view/Documentation/DevGuide/Scripting/ :slight_smile:

Aha!.. not sure how I missed that. Thanks Vincent!

The problem with other languages is that it’s not so easy to sandbox and require specific work for each kind of language engine (right now most languages macro are just JSR223 API shortcuts). There is a bit of work in that directly in the groovy macro but we still need to setup properly the list of things that are allowed and did not worked on that since a very long time.

OK. Good to know the background and that one day it might be possible as this could be quite useful given Python’s popularity.

Thanks again guys.
Ben

Maybe you can find some “inspiration” at Jenkins, they are already sandboxing groovy and have an extensive list of allowed and “forbidden” methods for groovy. Also I like their approval mechanism, enabling admins to allow scripts that are considered “dangerous” by default.

Seems nice.

A long time I started a Groovy Sandbox, see http://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Configuration/#HSecuringGroovyScripts (leads to http://extensions.xwiki.org/xwiki/bin/view/Extension/GroovyModulePlatform ).

It’s working but very limited ATM since I protected almost everything :wink: